A Latvian national extradited to the United States has been sentenced to 8.5 years in prison for his role in negotiating a “cold case” against the Russian Karakurt ransomware group.
Deniss Zolotarjovs (Денисс Золотарёвс) age 35 of Moscow, Russia, was arrested in Georgia, Eastern Europe, in December 2023, pleaded guilty in July 2025 to conspiracy to commit fraud and money laundering indicted in August 2024.
“Deniss Zolotarjovs helped his ransomware group profit by hacking dozens of companies, including a government company whose 911 system was forced offline,” said Assistant Attorney General A. Tysen Duva. “He also used stolen children’s health information to increase his power to defraud victims of payments.”
According to court documents, Zolotarjovs (also known online as “Sforza_cesarini”) was a member of the Karakurt extortion operation (led by former Conti ransomware gang leaders) that compromised company systems, stole information, and demanded ransom from victims by threatening to publicly leak or sell to other cybercriminals.
The FBI has linked Zolotarjovs to at least six cases of defrauding US corporations between August 2021 and November 2023, and said his role was to negotiate so-called “cold case fraud,” where communication with victims is cut off unless a ransom is paid.
Zolotarjovs played a key role in forcing victims to rethink their stance against ransom demands, conducting extensive research on target companies and analyzing stolen personal and health information to increase psychological pressure.
He has also been associated with attacks on organizations victimized by various other ransomware groups, including Conti, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira.
“Of the more than 54 companies that were attacked, attacks on 13 of those companies resulted in more than $56 million in losses, including approximately $2.8 million in ransom payments. This loss estimate includes only known victim companies and does not include the other 41 victim companies that made $13 million in ransom payments during that time but the government has not yet disclosed their losses,” the Justice Department said in a statement.
“Due to the limited distribution of ransomware attacks, the actual numbers of losses are uncertain, but, compared to the known victims and known losses, the government estimates the total losses during Zolotarjovs’ participation to be in the hundreds of millions of dollars.”
Zolotarjovs is the first member of Karakurt to face charges and be sentenced in the US, which could lead to prosecutions of other members in the future.
On Thursday, two former employees of Sygnia and DigitalMint were also sentenced to four years in prison each for targeting American companies in the BlackCat (ALPHV) ransomware attack.
AI has tied four zero days to a single exploit that bypasses both renderer and OS sandboxes. A wave of new exploits is coming.
At the Automated Validation Conference (May 12 & 14), see how autonomous, context-rich validation finds usability, validates controls, and closes the correction loop.
Find Your Place
